1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Foreign Korean Spammers - Spam Nightmare

Discussion in 'Forum Management' started by ProCom, Apr 7, 2016.

  1. ProCom

    ProCom Active Member

    I've been battling these terrible spammers for about a year and it's been a nightmare!

    Not only are these spammers total IDIOTS (the URLs aren't hyperlinked, so they get no SERP power, and none of my site visitors are going to copy/paste a link from text into their address bar) but they are also SUPER persistent!! I'm talking hundreds of threads per hour!

    A couple of my smaller sites were hit with Korean spam today at 4 am. Here's what I did to stop them:

    First I bumped up the registration block in TPU Spam Detect (LOVE THIS PLUGIN) to limit Philipines, Hong Kong, China

    Next, I looked at 3 examples of the current spam and found characters that are very common. I then went into Spam Management, and for "Spam Phrases" and added them with wildcards!

    *방*
    *트*
    *지*
    *이*

    So, this should catch a bunch of the Korean spam that comes in. I can add more characters if we see even more trends in what's used by these spammers.

    For sanity, I dug up some of the foreign spam I had back in October when I started this thread and almost all the characters above were represented somewhere in those old posts too!

    So, I'm pretty confident that this is going to work really well, at least for keeping the Korean spam from touching my live forum!

    Here's an example of the junk text / characters they post:
    upload_2016-4-7_10-33-12.png
     
    StarArmy likes this.
  2. ScarletCox

    ScarletCox Active Member

    So is none of your Korean spam actually originating in Korea?
     
  3. ProCom

    ProCom Active Member

    Nope, it hasn't been.

    On another site (not on xf) we block all non US registrations, so they sign up with US IP and then either spam from that or after registering, use a registration blocked IP.
     
  4. ScarletCox

    ScarletCox Active Member

    God, what a pain in the bum :/
     
  5. rainmotorsports

    rainmotorsports Well-Known Member

    Bet most of their US IPs actually belong to server providers and VPN providers. Blocking AS names belonging to data centers has little consequence. Blocking vpn providers is a problem for some sites.
     
    Xon likes this.
  6. Anthony Parsons

    Anthony Parsons Well-Known Member

    https://xenforo.com/community/resou...-spam-collection-anti-spam-free-version.1474/

    StopForumSpam is the only thing you need. I have the paid version of this... whilst there are free solutions in XF to stop url's, it doesn't stop spammers from actually posting sneaky url's inplace, thus they keep spamming you.

    I have about 12k uniques a day, and maybe, maybe, 1 spammer per month gets nonsense onto the community and past this add-on. Members then have the ability to report where established members as a result of doing, automatically places the content into moderation, removing it immediately from view. So spammers who think they can wait when no staff are online, nope, trusted members with x posts then have their ability to remove it until staff get online via report.

    I can look in the logs and see so much attempted spamming in the stop forum spam log, and it is huge... but 1, literally, maybe per month, gets through because they remove all url's, sneaky version attempts, you can't post email, na da... it stops them coming back.

    We have that add-on set using a post / like ratio requirement to post links, period, ensuring legit members have such rights, but those trying to get around the system still find themselves not able to post links, because the rubbish they post trying to get past the system isn't liked, so falls short still.

    Spammers look for easy targets, that simple. XF has built-in honey pot to stop bots... so you only have to stop the humans, which this does effectively as it stops sneaky and above attempts everywhere, profiles, PC's, posts... no other add-on does what this does.

    I have a 0.005% spam problem, basically.
     
    ScarletCox and ProCom like this.
  7. ProCom

    ProCom Active Member

    @Anthony Parsons , thanks!

    Does the URL / linking aspect of that addon work with urls that are foreign or in the format shown in the image above where they are using ASCII and foreign characters?
     
  8. Anthony Parsons

    Anthony Parsons Well-Known Member

    They're trying to use sneaky english . com in there, so it will pick it up, yes. I have seen similar in my logs long ago which it caught, and thus I don't get it nowadays... again, they move to soft targets.
     

Share This Page